mirror of
https://github.com/snipe/snipe-it.git
synced 2025-01-11 22:07:29 -08:00
Don’t let the user checkout an asset to itself
(We should consolidate that AssetCheckoutRequest for the API)
parent
2fc46746e2
commit
1f247ff541
|
@ -7,6 +7,6 @@ class CheckoutNotAllowed extends Exception
|
||||||
{
|
{
|
||||||
public function __toString()
|
public function __toString()
|
||||||
{
|
{
|
||||||
"A checkout is not allowed under these circumstances";
|
return "A checkout is not allowed under these circumstances";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -457,16 +457,28 @@ class AssetsController extends Controller
|
||||||
|
|
||||||
$this->authorize('checkout', $asset);
|
$this->authorize('checkout', $asset);
|
||||||
|
|
||||||
|
$error_payload = [];
|
||||||
|
$error_payload['asset'] = [
|
||||||
|
'id' => $asset->id,
|
||||||
|
'asset_tag' => $asset->asset_tag,
|
||||||
|
];
|
||||||
if ($request->has('user_id')) {
|
if ($request->has('user_id')) {
|
||||||
$target = User::find($request->input('user_id'));
|
$target = User::find($request->input('user_id'));
|
||||||
|
$error_payload['target_id'] = $request->input('user_id');
|
||||||
|
$error_payload['target_type'] = User::class;
|
||||||
|
// Don't let the user check an asset out to itself
|
||||||
} elseif ($request->has('asset_id')) {
|
} elseif ($request->has('asset_id')) {
|
||||||
$target = Asset::find($request->input('asset_id'));
|
$target = Asset::where('id','!=',$asset_id)->find($request->input('asset_id'));
|
||||||
|
$error_payload['target_id'] = $request->input('asset_id');
|
||||||
|
$error_payload['target_type'] = Asset::class;
|
||||||
} elseif ($request->has('location_id')) {
|
} elseif ($request->has('location_id')) {
|
||||||
$target = Location::find($request->input('location_id'));
|
$target = Location::find($request->input('location_id'));
|
||||||
|
$error_payload['target_id'] = $request->input('location_id');
|
||||||
|
$error_payload['target_type'] = Location::class;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!isset($target)) {
|
if (!isset($target)) {
|
||||||
return response()->json(Helper::formatStandardApiResponse('error', ['asset'=> e($asset->asset_tag)], 'No valid checkout target specified for asset '.e($asset->asset_tag).'.'));
|
return response()->json(Helper::formatStandardApiResponse('error', $error_payload, 'No valid checkout target specified for asset '.e($asset->asset_tag).'.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$checkout_at = request('checkout_at', date("Y-m-d H:i:s"));
|
$checkout_at = request('checkout_at', date("Y-m-d H:i:s"));
|
||||||
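Review bot: The self-checkout filter in the `asset_id` branch reads `$asset_id`, which is not defined in the visible lines, while the already-authorized model is available as `$asset`; unless `$asset_id` is a parameter of the enclosing method (its signature is outside the hunk), the filter does not exclude the asset being checked out. Writing it as `Asset::where('id', '!=', $asset->id)->find($request->input('asset_id'))` removes that dependency. The comment `// Don't let the user check an asset out to itself` sits at the end of the `user_id` branch and should move above the `Asset::where` line it describes. The new `$error_payload` also returns `$asset->asset_tag` and the raw `user_id`/`asset_id`/`location_id` request values without the `e()` encoding the old payload applied, so any client that renders this payload as HTML now has to encode it itself.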
|
|
|
@ -458,7 +458,7 @@ class AssetsController extends Controller
|
||||||
if (request('assigned_user')) {
|
if (request('assigned_user')) {
|
||||||
$target = User::find(request('assigned_user'));
|
$target = User::find(request('assigned_user'));
|
||||||
} elseif (request('assigned_asset')) {
|
} elseif (request('assigned_asset')) {
|
||||||
$target = Asset::find(request('assigned_asset'));
|
$target = Asset::where('id','!=',$assetId)->find(request('assigned_asset'));
|
||||||
} elseif (request('assigned_location')) {
|
} elseif (request('assigned_location')) {
|
||||||
$target = Location::find(request('assigned_location'));
|
$target = Location::find(request('assigned_location'));
|
||||||
}
|
}
|
||||||
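Review bot: With the new `Asset::where('id','!=',$assetId)` filter, `$target` is null when `assigned_asset` names the asset being checked out, and nothing visible in this hunk handles that case. The rest of the method is outside the hunk, so confirm that a null `$target` is rejected with a clear error before it reaches the checkout call. `$assetId` is likewise not defined in the visible lines and presumably comes from the method signature.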
|
|
|
@ -23,10 +23,13 @@ class AssetCheckoutRequest extends Request
|
||||||
*/
|
*/
|
||||||
public function rules()
|
public function rules()
|
||||||
{
|
{
|
||||||
return [
|
$rules = [
|
||||||
"assigned_user" => 'required_without_all:assigned_asset,assigned_location',
|
"assigned_user" => 'required_without_all:assigned_asset,assigned_location',
|
||||||
"assigned_asset" => 'required_without_all:assigned_user,assigned_location',
|
"assigned_asset" => 'required_without_all:assigned_user,assigned_location|different:'.$this->id,
|
||||||
"assigned_location" => 'required_without_all:assigned_user,assigned_asset',
|
"assigned_location" => 'required_without_all:assigned_user,assigned_asset',
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
|
return $rules;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
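Review bot: Laravel's `different:` rule takes the name of another request field, not a literal value, so `different:'.$this->id` on `assigned_asset` compares against a field named after the id rather than against the asset being checked out. `not_in:` accepts literal values, e.g. `'required_without_all:assigned_user,assigned_location|not_in:'.$this->id`. It is also worth confirming what `$this->id` resolves to on this request: the controllers in this commit use `$asset_id` and `$assetId`, so the route parameter may not be called `id`, and an empty value would leave the rule without an argument. The `$rules` temporary and the blank lines before `return $rules;` add nothing over returning the array directly.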
|
|